Privacy advocates fear massive fed health database

U.S. Office of Personnel Management wants to collect data from three health programs

Several privacy groups have raised alarms over plans by the U.S. Office of Personnel Management (OPM) to build a database that would contain information about the healthcare claims of millions of Americans.

The concerns have surfaced because the OPM has provided few details about the new database and because the data collected will be shared with law enforcement, third-party researchers and others.

In a letter to OPM Director John Berry, the Center for Democracy and Technology (CDT) and 15 other organizations asked the agency to release more details on the need for the database and how the data contained in it will be protected and used.

The OPM "should not create this massive database full of detailed individual health records without giving the public a full and fair chance to evaluate the specifics of the program," the letter cautioned.

It also called upon the OPM to delay its proposed Nov. 15 launch date for the database because there was not enough time for independent observers to evaluate the proposal.

According to the OPM, the planned Health Claims Data Warehouse is designed to help the agency more cost-effectively manage three health claims programs: the Federal Employee Health Benefit Program (FEHBP), the National Pre-Existing Condition Insurance Program and the Multi-State Option Plan.

The pre-existing condition program, which launched in August, and the multi-state option plan, which is scheduled to go into effect in January 2014, were both introduced earlier this year as part of the Affordable Care Act, the law designed to overhaul health care in the U.S. that was signed by President Obama in March. The OPM is in charge of administering the FEHBP as well as the two new programs.

In a formal notice published in the Federal Register last month, the OPM said that creating a central and comprehensive database would allow it to more actively manage the programs and ensure "best value for both enrollees and taxpayers."

As part of the effort, the OPM will establish direct data feeds with each of the three programs and will continuously collect, manage and analyze health services data. The data that the agency collects will include individuals' names, addresses, Social Security numbers and dates of birth, plus the names of their spouses and other information about dependents, and information about their healthcare coverage, procedures and diagnoses.

According to the so-called systems of record notice (SORN) that the OPM published in the Federal Register, the data collected will be de-identified, which means that details that would tie pieces of data to specific individuals would be removed. This process would occur "in many instances" and before an analysis is conducted, the OPM reports. However, the notice offers no details on how and when such de-identification will be done or the extent to which personal identifiers will be removed before analysis.

In addition to using the data for its own internal analysis, the OPM will also make it available, if required, for law enforcement purposes and for use in judicial or administrative proceedings, and to "researchers and analysts" inside and outside government for healthcare research purposes, the OPM notice said.

The OPM's notice is troubling for its lack of detail and the limited time it offers for evaluation, said Harley Geiger, policy counsel for the CDT.

"There are far too many unknowns about the program for it to be acceptable," at this point, Geiger said.

While the OPM, for instance, has indicated that the data it collects will help to better administer the three healthcare programs, there are no details why the data will be useful, he said.

The OPM did not respond to several requests for comment.

The OPM has also made little mention of how it plans to protect the data it collects or what its processes for de-identification are going to be, Geiger said. Regulations in HIPAA (the Health Insurance Portability and Accountability Act) require specific steps for making health care data anonymous, but there is no indication that the OPM will adopt those standards or something else, Geiger said.

The OPM's statement that it will share the data with third-party researchers and analysts is also deeply troubling, as is its willingness to make the data available for law enforcement and judicial purposes, he said.

At a minimum, the OPM needs to issue a revised notice fleshing out its plans in more detail and to provide a genuine opportunity for public comment, Geiger said. "This goes completely against public expectations of confidentiality in their [health] records," he said. "People expect their healthcare provider to have their medical information. What they don't expect is for the government to get a copy of that which they will then disclose to law enforcement and to Congress and to researchers."

Deborah Peel, founder and chairwoman of the Patient Privacy Rights Foundation in Austin, said the OPM's database proposal raises serious privacy concerns. One of the biggest concerns revolves around the fact that the OPM will share the data it collects with third-party researchers. While the OPM says the data will be used only for medical research purposes, such data is almost never used that way, she said.

Most third-party "research" involving protected health information is more about commercial, business analytics than it is about helping patients or doctors, Peel said. "Although this proposal is being described as intended to help promote medical research and efficiency analysis, we do not see adequate safeguards to ensure that the aggregated records are not used as fodder for the health data mining industry," she said.